
Installing an Apereo CAS 6.x server provides single sign-on (SSO): we authenticate once on one website and are then logged into all the sites we have connected to it in order to access our web applications, for example RocketChat, Guacamole, LimeSurvey, GLPI and many others.

Installing a single sign-on server: Apereo CAS 6.x

I – Configure Debian

1. Add the backports repository


echo "deb http://deb.debian.org/debian/ stretch-backports main contrib non-free" >> /etc/apt/sources.list

 

2. Update the system

apt update

apt upgrade

3. Install the necessary packages

apt install tomcat8 tomcat8-admin tomcat8-user openjdk-11-jdk openjdk-11-jre maven build-essential git

4. Configure the JAVA_HOME environment variable

echo "JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/" >> /etc/environment
source /etc/environment

5. Check the environment variable

echo $JAVA_HOME

Removing Java 8

Run

update-alternatives --display java

If you see a secondary link such as

java.1.gz : /usr/lib/jvm/java-8-openjdk-amd64/jre/man/man1/java.1.gz

remove it:

apt remove openjdk-8-jre-headless --purge

6. Configure Tomcat8

Go to /etc/default

Open the tomcat8 file

Add the following line:

JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

Check again that Java 11 is the one in use:

update-alternatives --display java

7. Configure the Tomcat8 manager

Go to /etc/tomcat8

Open the tomcat-users.xml file

At the very bottom of the file, inside the <tomcat-users> element, add:

<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="toor" roles="manager-gui,admin-gui"/>

8. Restart Tomcat

systemctl restart tomcat8

II – Preparing the Apereo CAS overlay

We start by fetching the cas-overlay-template project.

Retrieve the project

Go to the /opt folder

git clone https://github.com/apereo/cas-overlay-template
cd cas-overlay-template

1. Add the LDAP module (dependency)

Open the build.gradle file

Add the line below:

dependencies {
    compile "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
    // Other CAS dependencies/modules may be listed here...
    compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    compile "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
}

Save the file.

2. Add the LDAP configuration to the cas.properties file

cas.server.name=https://cas.osnetworking.fr:8443
cas.server.prefix=${cas.server.name}/cas
logging.config=file:/etc/cas/config/log4j2.xml

ATTENTION: REMOVE THE # TO GO INTO PRODUCTION (an empty cas.authn.accept.users disables the built-in static accounts)

# cas.authn.accept.users=
# Disable the local (static) accounts
cas.authn.accept.users=
### LDAP connection
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].ldapUrl=ldap://filer1.osnetworking.fr:389
cas.authn.ldap[0].baseDn=dc=osnetworking,dc=fr
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].principalAttributeList=cn,givenName,mail
# Credential to connect to LDAP
cas.authn.ldap[0].bindDn=CN=Admincas,CN=CasAdmin,DC=osnetworking,DC=fr
cas.authn.ldap[0].bindCredential=Azerty25
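As an added example (not from the original post), a small Python audit of a cas.properties fragment like the one above: it flags a non-empty cas.authn.accept.users (the built-in static account), a cas.server.name that is not https, and an ldap:// URL used without useSsl or useStartTls, in which case the bind credential crosses the network in clear. The sample text is constructed.

```python
import re

# Constructed sample based on the fragment above, but with the built-in
# static account left enabled and the LDAP bind sent without TLS.
SAMPLE = """\
cas.server.name=https://cas.osnetworking.fr:8443
cas.server.prefix=${cas.server.name}/cas
# Disable the local (static) accounts
cas.authn.accept.users=casuser::Mellon
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].ldapUrl=ldap://filer1.osnetworking.fr:389
cas.authn.ldap[0].bindDn=CN=Admincas,CN=CasAdmin,DC=osnetworking,DC=fr
cas.authn.ldap[0].bindCredential=Azerty25
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key: value, # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(props):
    """Return findings for the settings this post configures."""
    findings = []
    if props.get("cas.authn.accept.users", "") != "":
        findings.append("static accounts enabled: cas.authn.accept.users must be empty")
    if not props.get("cas.server.name", "").startswith("https://"):
        findings.append("cas.server.name is not https")
    for key, url in props.items():
        m = re.fullmatch(r"cas\.authn\.ldap\[(\d+)\]\.ldapUrl", key)
        if not m:
            continue
        idx = m.group(1)
        tls = any(props.get(f"cas.authn.ldap[{idx}].{opt}") == "true"
                  for opt in ("useSsl", "useStartTls"))
        if url.startswith("ldap://") and not tls:
            findings.append(f"ldap[{idx}]: bind credential sent in clear "
                            "(ldap:// without useSsl or useStartTls)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```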

3. Check the LDAP connection on port 389

telnet osnetworking.fr 389

If you have this message:

Trying 192.168.0.54...
Connected to osnetworking.fr.
Escape character is '^]'.

It’s OK.

III – Creating the log files for CAS

Create the /var/log/cas folder:

mkdir /var/log/cas

1. Copy the cas.log and cas_audit.log files

Copy or create the cas.log and cas_audit.log files in this folder.

2. Permissions on the folder

To set the permissions on the folder, run the following command:

chown -R tomcat8:adm /var/log/cas

Building with Gradle

./gradlew clean
./gradlew clean copyCasConfiguration build

Creating the keystore

./gradlew createKeystore

Copy the generated cas.war from /opt/cas-overlay-template/build/libs/cas.war to /var/lib/tomcat8/webapps/:

cp /opt/cas-overlay-template/build/libs/cas.war /var/lib/tomcat8/webapps/

Restart the Tomcat8 service

# systemctl restart tomcat8.service

Now we test the login.

In this example the address is: http://192.168.0.54:8080/cas or http://cas.univ-bfc.fr:8080/

Click on "Connect".

When you are logged in, you should see the message: Successful login

Clicking through, we can see the attributes retrieved from the Active Directory.

IV – Choosing the application configuration

We have the choice to configure the applications (services) either with:

  • JSON files
  • a database, via the JPA module

To start we will use JSON.

V – Configuring the JSON service registry

Check that in the build.gradle file we have:

compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"

Once this is checked we can start.

1. Configure the cas.properties file

Open the cas.properties file:

cd /opt/cas-overlay-template
nano etc/cas/config/cas.properties

Add the lines below:

# JSON service registry configuration
cas.serviceRegistry.json.location=file:/etc/cas/services

Once the line has been added we must create a folder.

2. Creating the service folder

We use the mkdir command to create the folder

mkdir /etc/cas/services

3. Add applications

We will create one “.json” file for each application.

It is recommended that you name the new JSON files as follows:

serviceName-serviceNumericId.json

To create the ID we use the following command:

date +%s

Here is the output:

root@cas:/opt/cas-overlay-template# date +%s
1559915619

This number is our ID.

So the file will be “application-1559915619.json”

The file must be in /etc/cas/services/.

4. Creating the json file

“Application” is the name of your application in this example

touch application-1559915619.json

5. Application configuration

Open the file we just created

nano application-1559915619.json

Attention: avoid using the example below as-is; it is the default wildcard definition and matches every https or imaps URL.

{
  /*
   * Do not use this definition in a production environment.
   */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS wildcard",
  "id" : 1503925297,
  "evaluationOrder" : 99999
}

Here is the one for the RocketChat app.

Open the file http_rocketchat-1559902436.json:

nano http_rocketchat-1559902436.json
{
  /*
   * Service definition for RocketChat: only the CAS callback URL on the
   * RocketChat host is matched, and the listed attributes are released to it.
   */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^http://192.168.0.113/_cas/.*",
  "name" : "RocketChat",
  "id" : 1559902436,
  "evaluationOrder" : 99999,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "sAMAccountName", "mail", "cn" ] ]
  }
}
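To check a service file before dropping it into /etc/cas/services, here is an added example in Python (not from the original post): it strips the /* */ comments CAS accepts, verifies the fields used above, checks that the file name ends with the "id", and tests the serviceId pattern against constructed foreign URLs, so the wildcard definition from step 5 is flagged while the RocketChat one passes. Both sample definitions are constructed for this example.

```python
import json
import re

# Constructed samples: the wildcard definition the post warns against and a
# RocketChat definition, each paired with a file name following the naming rule.
WILDCARD = ("application-1559915619.json", """{
  /* Do not use this definition in a production environment. */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS wildcard",
  "id" : 1503925297,
  "evaluationOrder" : 99999
}""")
ROCKETCHAT = ("http_rocketchat-1559902436.json", """{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^http://192.168.0.113/_cas/.*",
  "name" : "RocketChat",
  "id" : 1559902436,
  "evaluationOrder" : 99999
}""")

# Constructed URLs that no service on this network should present to CAS.
FOREIGN_URLS = ["https://other.example/login", "imaps://mail.other.example/"]

def load_service(text):
    """Parse a CAS service file; CAS accepts /* */ comments, json.loads does not."""
    return json.loads(re.sub(r"/\*.*?\*/", "", text, flags=re.S))

def check_service(filename, text):
    """Return findings for one service file (an empty list means it looks sane)."""
    svc = load_service(text)
    findings = []
    for key in ("@class", "serviceId", "name", "id", "evaluationOrder"):
        if key not in svc:
            findings.append(f"missing {key}")
    m = re.fullmatch(r".+-(\d+)\.json", filename)
    if not m or int(m.group(1)) != svc.get("id"):
        findings.append('file name does not end with -<id>.json matching "id"')
    # The pattern is applied as an unanchored search here, which is why the
    # post's patterns start with ^; a definition must not match other hosts.
    pattern = re.compile(svc.get("serviceId", "(?!)"))
    hits = [u for u in FOREIGN_URLS if pattern.search(u)]
    if hits:
        findings.append(f"serviceId also matches foreign URLs: {hits}")
    return findings

if __name__ == "__main__":
    for name, text in (WILDCARD, ROCKETCHAT):
        print(name, check_service(name, text) or "OK")
```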

VI – Installing cas-management

In /opt, retrieve the project:

git clone https://github.com/apereo/cas-management-overlay

1. Configure cas-management

Go to the folder /opt/cas-management-overlay/

Open the build.gradle file.

nano build.gradle

Add the following line:

compile "org.apereo.cas:cas-management-webapp-support-ldap:${project.'casmgmt.version'}"
compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'casmgmt.version'}"

2. Configure the management.properties file

Go to the folder /opt/cas-management-overlay/etc/cas/config

cd /opt/cas-management-overlay/etc/cas/config

Open the management.properties file

nano management.properties

Add the following lines:

cas.server.name=http://192.168.0.112:8080
cas.server.prefix=${cas.server.name}/cas
#####################################################################
# Update this URL to point at the server running this management app #
#####################################################################
mgmt.serverName=http://192.168.0.112:8080
server.context-path=/cas-management
server.port=8080
mgmt.adminRoles[0]=ROLE_ADMIN
mgmt.userPropertiesFile=file:/etc/cas/config/users.json
######################################
# cas-management log configuration  #
######################################
logging.config=file:/etc/cas/config/log4j2-management.xml
################################
# Services managed as JSON     #
################################
cas.serviceRegistry.json.location=file:/etc/cas/services
#############################################################
# Attributes that can be selected from the CAS manager      #
#############################################################
cas.authn.attributeRepository.stub.attributes.cn=cn
cas.authn.attributeRepository.stub.attributes.displayName=displayName
cas.authn.attributeRepository.stub.attributes.givenName=givenName
cas.authn.attributeRepository.stub.attributes.mail=mail
cas.authn.attributeRepository.stub.attributes.sn=sn
cas.authn.attributeRepository.stub.attributes.uid=uid
cas.authn.attributeRepository.stub.attributes.UDC_IDENTIFIER=UDC_IDENTIFIER

Save the file.

3. Add applications

We will create the “.json” file as we did above.

Go to the folder /opt/cas-management-overlay/etc/cas/services

root@cas:~# cd /opt/cas-management-overlay/etc/cas/services

We create the ID for the application with the following command:

date +%s

Here is the output:

1560930209

This number is our ID for the cas-management application.

4. Creating the json file

touch http_cas_management-1560930209.json

Insert the lines below:

{
  /*
   * Service definition for the cas-management webapp: only URLs under
   * /cas-management on the management host are matched.
   */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^http://192.168.0.112/cas-management/*",
  "name" : "CAS Services Management",
  "id" : 1560930209,
  "description" : "CAS services management webapp",
  "evaluationOrder" : 5500,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail" ] ]
  }
}

So the file will be “http_cas_management-1560930209.json”

We build the project with the following commands:

./build.sh copy
./build.sh package --info

The files are copied to /etc/cas/config and /etc/cas/services/.

Copy the war file to the folder /var/lib/tomcat8/webapps/:

root@cas:/opt/cas-management-overlay# cp build/libs/cas-management.war /var/lib/tomcat8/webapps/

We can restart the tomcat8 service

systemctl restart tomcat8.service

VII – Securing Apereo CAS

To secure Apereo CAS, you must have an SSL certificate.

Conclusion

That’s it, you just installed Apereo CAS under your Debian.
As you can see, the road is still long before you completely master Apereo CAS.
I thank the forums for their help and advice.

2 Comments

  1. Roel

    Hello, I tried your example but even after clearing some wrong lines in your example I still don’t get it running.

    I would appreciate any help to setup my system.

    Reply
    • osentworking

      Hello,

      Thank you. I would be happy to help you. I tried my configuration on another VM and it works very well. Can you give me your configuration to see where it comes from?

      Reply
